Website Route

Hey guys there are 2 URLs I’ve been trying to allow through my firewall.

On my network I’m blocking all traffic from the employees except these 2 websites.
I tried every possible method with NOTHING working at all…

Seems that these 2 websites depend on dynamic addresses.
But whenever I list the URLs in the walled garden list, on my other clients’ wifi running hotspot… the websites load incredibly well!!

Is there any method to make RouterOS solve the URLs and add all the IPs on its way to an auto-generated address list (off the hotspot ofc)?

The main complication is that the website uses some sort of Google fonts API and that’s probably the main reason behind the failure of all common methods I’ve been trying! :open_mouth: :confused:

You can define the hostname in the walled garden IP list (dst host field) and then as DNS requests are made for this host, different IP replies will be added as dynamic entries in the walled garden.

See if that helps.

My problem isn’t with the hotspot… the sites work fine through it…
I’m speaking on my separate private network, on a totally different vlan, it’s impossible to allow the site through the firewall.

I’ve tried to allow it as a url, as an IP, using Layer 7.

The only method that did work is tracing the route and adding all the IPs to an address list.

Is there any way to schedule and automate this process, as the website has dynamic IPs?

The sites work incredibly fine through the hotspot’s walled garden list.

My point is that it’s impossible to allow them through my firewall on my separate private network, different vlan but the same router board.

I’ve tried allowing them as URLs and IP addresses through the firewall, even Layer 7; none worked.
Till later on I started manually adding the IPs hunted through a traceroute to an address list.

Is there any possible way to trace and add the IPs to a list automatically, and run the script every while, as the sites are based on dynamic IPs?

Export your firewall filters configuration and post here in a code block.

Perhaps you need to get down to basics: disable the hotspot and all filter/mangle rules. No route rules, nothing fancy at all, only one masquerade rule… Use a public DNS like 8.8.8.8 directly on the PC.

Try having the PC directly connected to the ISP. Note the MTU of the interface while directly connected, as that’s the only setting I can think of that might cause an issue for a router while working perfectly well on a directly-connected PC.

If I do what you said, then I’ll have full internet access for 1 computer and I’ll have it isolated.
I just want all PCs on the network to communicate with each other and not have access to anything but the mentioned website…

Those are just troubleshooting steps to learn more about what’s wrong. Obviously you wouldn’t LEAVE things like that.

The website loads once I allow it through the firewall, but it depends on a part called Google API which I can’t manage to enable through the firewall as their IP addresses change…

It’s impossible to find Google API IP tables.

Google has tons of IP space which you can look up in several places online but those apply to EVERYTHING that Google offers. It sounds like your firewall rules are the source of your problems… However there is a new feature in the RC version that lets you use domain/host names in firewall address lists, so if you feel like trying that, then you can allow things by host name.

Alright, so in this case I must enable access to my link and everything Google by just adding google.com, as the site embeds GoogleAPI inside, no?

If you’re filtering by IP then yes.

When the latest RC track releases, you can use domain names in your address list.

I hope so.. as things get really messed up trying to figure out Google API address list!

Thank you :slight_smile:
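
The scheduled approach asked about in this thread, as an added example that is not part of any post above: a RouterOS script that resolves a fixed set of hostnames and keeps an address list populated, plus the forward rules that use it. The hostnames, list name, script name and client subnet are assumptions (the two Google Fonts hosts stand in for the "Google fonts API" the site depends on).

```routeros
# Added example, not from the thread. Replace the assumed values below.
#
# Part 1: script body. Save it as a system script named
# "refresh-allowed-sites" (assumed name).
:local listName "allowed-sites"
:local hosts {"intranet.example.com";"fonts.googleapis.com";"fonts.gstatic.com"}

:foreach h in=$hosts do={
    :do {
        # :resolve uses the router's own DNS settings
        :local ip [:resolve $h]
        # Add the address only if it is not already in the list
        :if ([:len [/ip firewall address-list find list=$listName address=$ip]] = 0) do={
            # timeout makes stale addresses age out on their own
            /ip firewall address-list add list=$listName address=$ip \
                timeout=1d comment=$h
        }
    } on-error={
        # A failed lookup must not stop the loop for the other hosts
        :log warning ("refresh-allowed-sites: cannot resolve " . $h)
    }
}

# Part 2: one-time setup, run once from the terminal.
# Run the script every 5 minutes.
/system scheduler add name=refresh-allowed-sites interval=5m \
    on-event=refresh-allowed-sites

# Forward chain for the restricted VLAN (192.168.88.0/24 is a placeholder).
# Order matters: the drop rule must come last.
/ip firewall filter
add chain=forward action=accept connection-state=established,related \
    comment="return traffic"
add chain=forward action=accept src-address=192.168.88.0/24 \
    dst-address-list=allowed-sites comment="allowed sites only"
add chain=forward action=drop src-address=192.168.88.0/24 \
    comment="everything else from the restricted VLAN"
```

`:resolve` returns one address per call, so a host behind several addresses fills the list over successive runs, and a client can briefly be handed an address that is not listed yet. Pointing the clients at the router as their DNS server keeps their answers in step with what the script sees.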